Customers across Europe will have noticed a recent surge in the number of emails landing in their inbox from companies informing them of incoming European Union data privacy regulations.
The consequences of flouting these new laws are severe, but there are also big opportunities for the organizations that get it right.
The General Data Privacy Regulation (GDPR) will come into force tomorrow (25 May). This is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU.
While GDPR is very much a European initiative, it has profound implications for companies all over the world – even those that don’t have a physical presence in the EU. This will produce opportunities as well as challenges.
Preparing for GDPR
Data is a powerful tool in this age of digital innovation, but how companies harvest this data isn’t always clear. The EU has acted to implement strict regulations to protect customers’ private information from misuse.
Put in simple terms, GDPR sets out the principles for data management and the rights of the individual. These regulations apply to all companies that deal with data belonging to any individual located in the EU, regardless of whether the company is based in Brussels or Beijing.
Those that fail to comply with GDPR face stiff penalties, including fines of up to 4% of global annual turnover.
However, despite these potential repercussions, many companies are yet to develop an appropriate strategy for complying with GDPR.
Addressing delegates at the European Business Summit, which is supported by its strategic partner Tata Consultancy Services, Lorena Marciano, EMEAR Data Protection and Privacy Officer at CISCO, highlighted that “recent reports suggest that many companies are not ready”.
The importance of privacy for digital projects
Technologies such as artificial intelligence, the Internet of Things, and cloud computing are driving this age of digital innovation that we call ‘Business 4.0’. And privacy is a key component in this new age.
“Privacy is very important in the digital economy and for digital innovation,” Marciano said. “The use of data has really moved our lives – it used to be quite provincial, now it is far more global. But some use of data is not how we want it, that’s where privacy is key. We must be fair, transparent and accountable on data use.”
Marciano highlighted a recent survey by CISCO of 3,000 business leaders which showed that of the $30 trillion-worth of digital projects underway $16 trillion are classed as ‘very privacy dependant’.
The same study shows that 65% of companies experience delays in sales because of privacy issues. In Japan the average delay is calculated at around 12 weeks, while in the United States it is closer to eight weeks.
Opportunities associated with GDPR
For the companies that can effectively embrace GDPR, the opportunities will far outweigh any perceived drawbacks.
Marciano explained: “GDPR brings a lot of consistency – it used to be extremely difficult for companies working across many jurisdictions. [GDPR] forces companies to be fair, accountable and transparent. It empowers them to be on top of this.”
This optimism is supported by other studies that show consumers have increased their spend with companies that are protecting their personal data.
It has also been found that most companies view the new regulations as an opportunity to improve their privacy and data security, which could serve as a spark for new data-led business models.
Innovation and teamwork are crucial
In order to thrive in this new GDPR-focussed world, companies must harness innovation and collaboration.
“This work is not for legal teams only,” Marciano explained. “People that build the products and services need to feed in too. It is important for teams with different skill sets to contribute.”
Choosing a suitable program framework, assessing the organization’s data protection maturity and collecting and connecting existing capabilities and processes are equally important. But the companies that truly flourish will be those that prioritize innovation.
Marciano concluded: “More data is exchanged on a daily basis than currency, so we need to simplify privacy because privacy is here to stay. Privacy engineering is the key and this brings innovation.”